diff README @ 0:fec14263801d

Initial import of maltfilter development version.
author Matti Hamalainen <ccr@tnsp.org>
date Thu, 13 Aug 2009 15:15:18 +0300
parents
children 56612ebc16ac
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/README	Thu Aug 13 15:15:18 2009 +0300
@@ -0,0 +1,70 @@
+Malicious Attack Livid Termination Filter daemon (maltfilter) v0.7
+==================================================================
+Programmed by Matti 'ccr' Hämäläinen <ccr@tnsp.org>
+(C) Copyright 2009 Tecnic Software productions (TNSP)
+
+Distributed under the modified ("3-clause") BSD license. Please see
+included file COPYING for more information.
+
+About
+=====
+Automagic management script for adding and removing Netfilter/iptables
+filtering rules based on continuous logfile parsing for certain break-in
+and exploitation scanning attempts.
+
+Maltfilter daemon script continuously scans various system logfiles
+including auth.log, httpd logs, etc. for signs of malicious connections
+break-in and exploitation attempts. The originating IP addresses of
+these connections are then blocked via Netfilter (iptables).
+
+Requirements:
+
+ - Perl 5.8 or later
+ - Date::Parse (libtimedate-perl)
+ - Net::IP (libnet-ip-perl)
+
+
+Installation
+============
+Copy maltfilter script to /usr/sbin and set permissions
+
+$ cp maltfilter /usr/sbin/maltfilter
+$ chmod 755 /usr/sbin/maltfilter
+$ chown root:root /usr/sbin/maltfilter
+
+Copy example configuration under /etc (you may not want to
+to have the configuration readable to regular users, so below
+example sets mode 600 to it.)
+
+$ cp example.conf /etc/maltfilter.conf
+$ chmod 600 /etc/maltfilter.conf
+$ chown root:root /etc/maltfilter.conf
+
+
+Optional
+========
+Additionally you can set up the provided Debian style init script:
+
+$ cp example.init /etc/init.d/maltfilter
+$ chmod 755 /etc/init.d/maltfilter
+$ chown root:root /etc/init.d/maltfilter
+
+You need to edit the script, if you didn't install the configuration
+and maltfilter to paths described in installation section.
+
+
+Configuration and usage
+=======================
+See example.conf or /etc/maltfilter.conf for general settings.
+I HIGHLY recommend that you carefully think which 
+
+The script itself contains additional information about what
+certain scan options actually do.
+
+Start maltfilter either via the init script or through commandline:
+
+$ maltfilter /var/run/maltfilter.pid /etc/maltfilter.conf
+
+If you want to use the init script, you need to edit your init runlevel
+settings to enable it, for example in Debian/Ubuntu you can use rcconf(8)
+or chkconfig(8).
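Review bot: The sentence "I HIGHLY recommend that you carefully think which" under "Configuration and usage" stops mid-line, so the one recommendation the README marks as important never reaches the reader. Please complete it before release; since the About section says the daemon blocks originating addresses via iptables based on log parsing, this is presumably where the reader should be told what to decide before enabling it. Smaller points in the same hunk: the About paragraph reads "malicious connections break-in and exploitation attempts" with a missing comma or conjunction, and the configuration step has a doubled "to" across the line break ("you may not want to / to have"). In the installation steps, the configuration file is copied first and only then set to mode 600, so it is briefly present under /etc with whatever mode cp gives it; a single install(1) call with -m 600 -o root -g root would create it with the final owner and mode in one step. The commands are also shown with a "$" prompt although writing to /usr/sbin, /etc and /etc/init.d needs root, which is worth stating or marking with a "#" prompt.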